Tagtools

Reporting on Web Form Attacks

THC-Hydra provides excellent output for plugging screenshots into your reports.

Hydra Web Form Cracking

Unfortunately, if there is a redirect associated with the login, Hydra returns a lot of false positives (or false negatives).

While not as clear, a ZAP screenshot highlighting the Fuzzer value with a differing result size can provide the evidence.

ZAP Fuzzer Result Size

Metasploit Database Authentication

Fixing Metasploit DatabaseĀ Errors

[*] Starting the Metasploit Framework console...-[-] Failed to connect to the database: FATAL: password authentication failed for user "msf3"
FATAL: password authentication failed for user "msf3"

or

[*] Starting the Metasploit Framework console...[-] Failed to connect to the database: FATAL: password authentication failed for user "msf4_user"
FATAL: password authentication failed for user "msf4_user"

Issue

Three times I have had issues with the Metasploit database presenting authentication errors. This has happened after version updates and applies to the Community Edition running on Kali.

Fix

Some users create a new user/database and point Metasploit to it. Instructions can be found here. I have found that this will work until a new version comes along.
Other users, myself included, have had more success with re-installing Metasploit. The following script walks you through deleting the Metasploit PostgreSQL database and re-installing Metasploit.

Clearly not ideal, but I have not been able to find the actual cause nor a permanent solution.

Script

apt-get purge metasploit
su postgres
echo 'drop database msf3;' | psql
echo 'drop user msf3;' | psql
exit
rm -fr /opt/metasploit
root@kali:~# rm -fr ./.msf4
root@kali:~# apt-get install metasploit

Example

@kali:~# apt-get purge metasploit
root@kali:~# su postgres
postgres@kali:~$ psql
psql (9.1.14)
Type "help" for help.

postgres=# \list
List of databases
    Name     |   Owner   | Encoding  | Collate | Ctype |   Access privileges    
-------------+-----------+-----------+---------+-------+----------------------- 
 msf3        | msf3      | SQL_ASCII | C       | C     |  
 postgres    | postgres  | SQL_ASCII | C       | C     |  
 template0   | postgres  | SQL_ASCII | C       | C     | =c/postgres          + 
             |           |           |         |       | postgres=CTc/postgres 
 template1   | postgres  | SQL_ASCII | C       | C     | =c/postgres          + 
             |           |           |         |       | postgres=CTc/postgres 
(4 rows)

postgres=# drop database msf3;
DROP DATABASE
postgres=# drop user msf3;
DROP ROLE
postgres=# \list
List of databases
List of databases
                              List of databases 
    Name     |  Owner   | Encoding  | Collate | Ctype |   Access privileges    
-------------+----------+-----------+---------+-------+----------------------- 
 postgres    | postgres | SQL_ASCII | C       | C     |  
 template0   | postgres | SQL_ASCII | C       | C     | =c/postgres          + 
             |          |           |         |       | postgres=CTc/postgres 
 template1   | postgres | SQL_ASCII | C       | C     | =c/postgres          + 
             |          |           |         |       | postgres=CTc/postgres 
(3 rows)

postgres=# \q
postgres@kali:/root/.msf4$ exit
exit
root@kali:~# rm -fr /opt/metasploit
root@kali:~# rm -fr ./.msf4
root@kali:~# apt-get install metasploit

© 2019 /dev/thought

Theme by Anders NorénUp ↑